this post was submitted on 17 Sep 2024
444 points (99.1% liked)

Open Source

31188 readers
230 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

I had no idea this issue had been identified. While I find this tool very useful, the project is seeming rather questionable to me now.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 1 points 1 month ago

Is there an alternative to Ventoy for booting Windows vhd images from an ntfs partition?

[–] [email protected] 1 points 1 month ago

going back to using multiple usb

[–] [email protected] 1 points 1 month ago (4 children)

I haven't read to far into this but the issue is completely devoid of contributors and maintainers. I find the wording of the issue quite concerning:

Due to the recent XZ-Utils drama I checked the code and I'm appalled. There are more BLOBS than source code. https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/cryptsetup https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/Unix/ventoy_unix https://github.com/ventoy/Ventoy/tree/3f65f0ef03e4aebcd14f233ca808a4f894657802/DMSETUP

There is no reason to have those not be build in the release process. Of course it's convenient, they are prebuild, it's fast and nobody has a problem with it.

Recent events however showed that these BLOBs can contain everything and nothing. The build instructions would not produce the exact same executable for everyone. It's better to have GitHub build it on-push and use them out of the build cache.

I would do it myself, but unfortunately I'm not familiar enough with the Ventoy build process to actually do it. I understand that removing BLOBs isn't a priority over new and shiny features. But due to recent events, this should be rethought.

Thank you for reading this and I hope for a productive conversation

This is free software, they don't owe you anything and this kind of language sounds angry and entitled. You can't just Gordon Ramsay on someone else's codebase.

[–] [email protected] 3 points 1 month ago (1 children)

Actually you can and should Gordon Ramsey all over it. It is the duty of audience members to express how they feel honestly about the artwork.

Open Source can and do understand that and open source software becomes better for it.

[–] [email protected] 1 points 1 month ago (1 children)

I’m not saying don’t criticise it. It’s about communication. The language isn’t very good. See my other comments

[–] [email protected] 1 points 1 month ago

Yes, that's users for you. A diverse bunch and many lacking in basic politeness. But you just have to listen to whiney users. You just have to... and figure it out if you want to make world class software.

[–] [email protected] 10 points 1 month ago (1 children)

I cannot fathom what in this issue description gives rise to your concern. It’s worded very calmly, clearly explaining why the author thinks these BLOBs shouldn’t be there, expressing an understanding that it’s not a top priority and even closing with a thank you.

[–] [email protected] -1 points 1 month ago* (last edited 1 month ago) (1 children)

Is this not rude:

I checked the code and I’m appalled. There are more BLOBs than source code

And this:

I understand that removing BLOBs isn't a priority over new and shiny features. But due to recent events, this should be rethought.

We didn’t like it when MS made an issue trying to direct ffmpeg

They should have opened with a complement or asked for directions if they didn’t know. In this message “Thank You” means fuck all

[–] [email protected] 1 points 1 month ago (1 children)

Is this not rude:

I checked the code and I’m appalled. There are more BLOBs than source code

No. The commenter is voicing their own feelings and explains why they have them. There is neither blaming nor rudeness here.

And this:

I understand that removing BLOBs isn’t a priority over new and shiny features. But due to recent events, this should be rethought.

It would have been nice if you had explained why you think this is rude. The author expresses understanding that the maintainers’ priorities don’t align with the author’s. This seems to be an uncontroversial statement to me.

Then the author explains (I agree, it’s more a hint than an explanation) why they think the priorities should be changed. In my view their argument is sound. Again, there is no blaming or rudeness here.

They should have opened with a complement

I assume you mean “compliment”.

I’ve often heard of the “sandwich technique” – start with a compliment, then voice criticism, end with another positive thing. I find this is an appropriate procedure when voicing open feedback, that is, good things and bad things. However, this is a Github issue. Its whole point is to point out a perceived problem, not to give the maintainers a pat on the back or thank them.

[–] [email protected] 0 points 1 month ago (1 children)

I don't understand how "appalled" being strong language is so controversial, maybe everyone here is just a rude little shit.

I would have worded it like so:

Hi, I'm concerned about the BLOBs used in this repo as they are a security risk, making the code less auditable. It looks like we could generate these BLOBs in a github action or something so we can keep the fast build process while making it easier to audit the code. I'm not exactly sure how to go about this myself but I've done similar things in other projects, maybe you could point me in the right direction as I am unfamiliar with the ventoy build process? Thanks for the really cool project, and hopefully we can sort this out easily. Looking forward to your response.

I did it with less anger and entitlement and in less words

[–] [email protected] 1 points 1 month ago (1 children)

maybe everyone here is just a rude little shit.

Or maybe you’re just a snowflake that can’t handle criticism.

[–] [email protected] 3 points 1 month ago (1 children)

I mean the author has simply ignored this issue. If you look into it there are a few that people simply do not know how to generate, so without the maintainer it's impossible to make a PR solving this.

[–] [email protected] -5 points 1 month ago

I mean if I got an issue that sounded that entitled and this is something I do in my spare time, I'd probably ignore it.

My point is they could have worded it better and it might have gotten a response. If you ask kindly about the BLOBs and maybe for some help to push you in the right direction instead of saying "I don't know", then it is fair to call the maintainer rude for ignoring it completely.

[–] [email protected] 11 points 1 month ago (3 children)
[–] [email protected] 1 points 1 month ago

They even made a movie about it!

[–] [email protected] 5 points 1 month ago

Binary Large OBject

[–] [email protected] 19 points 1 month ago (1 children)
load more comments
view more: next ›